10-04-2012 09:00 AM - edited 03-11-2019 05:04 PM
Hello All. I am not an ASA expert but I have configured them a few times. I have a vision of a task I have to complete but am not sure if it is practical or how to go about doing it.
We have two locations, Location A and Location B. Both locations have a 100MB internet connection.
Location A has an ASA 5510. Location B has a 5505.
Users at both locations access the internet via their respective ASA.
Location A is the headquarters and Location B is a disaster recovery site.
We want to set up a tunnel between both ASAs. This tunnel will be used to replicate data between the two locations for DR purposes. We need the users to still use the same pipe to get to the internet but want to allocate 10MB for internet use and the remaining 90MB for the DR tunnel.
Can this be done? Any help would be appreciated. Thanks.
10-04-2012 09:20 AM
Hello Asif,
It can be done.
Do you have the tunnel set up already?
Then you will need to set up a police action for the internet traffic so you can provide the rest of the bandwidth to the tunnel.
This will be done with the MPF setup.
Any other question...Sure...Just remember to rate all of my answers...
Julio
10-04-2012 10:38 AM
Thanks for the reply Julio.
There is no tunnel setup yet.
So how do I go about doing this? What are the first steps? If you could hold my hand through this...
10-04-2012 10:43 AM
Okay Asif,
I will help.
Let me know when you have the tunnel up okay?
Regards,
Any other question...Sure...Just remember to rate all of my answers...
10-04-2012 10:48 AM
Thanks, but that's what I need help with. How do I get the tunnel up?
10-04-2012 10:51 AM
Hello,
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080950890.shtml
http://packetlife.net/blog/2011/jul/11/lan-lan-vpn-asa-5505/
10-11-2012 07:51 AM
Sorry for the late reply. We changed the ISP at the remote site, so I was waiting for their internet to come up and function properly before I started working on the tunnel.
I looked through the links you sent and it looks pretty simple. Once the tunnel is created, will it affect the users using the internet at each site?
10-11-2012 01:51 PM
Any help?
10-12-2012 07:55 AM
Can anyone please help?
10-12-2012 09:49 AM
Hello Asif,
No, internet traffic will go to the ISP as it should.
Remember to rate all of the helpful answers
Julio
10-12-2012 10:10 AM
OK, but during the tunnel setup aren't we saying in the access list setup that all traffic from the first ASA needs to go to the second ASA? Doesn't that mean "ALL" traffic including internet traffic will go to the second ASA via the tunnel? Maybe you could clarify that for me...
Thanks.
10-12-2012 10:14 AM
Hello,
On the links I sent you, the only traffic being encrypted is the one between the remote branches:
access-list 100 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
As you can see on the above example, not all traffic is being encrypted.
Regards
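The traffic selection described in the reply above, as an added example that is not part of the original thread: a small Python model of how a crypto ACL splits flows between the tunnel and normal routing. It parses the access-list line quoted above; the sample flows, the 198.51.100.7 address and the function names are constructed for illustration, and only the `access-list <id> extended permit|deny ip <net> <mask> <net> <mask>` form is handled.

```python
import ipaddress

# Crypto ACL line quoted in the thread.
CRYPTO_ACL = [
    "access-list 100 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0",
]

# Constructed sample flows (source, destination) leaving the 10.2.2.0/24 site.
SAMPLE_FLOWS = [
    ("10.2.2.25", "10.1.1.10"),     # host at the other site
    ("10.2.2.25", "198.51.100.7"),  # internet host (documentation range)
    ("10.2.2.25", "10.1.2.10"),     # private subnet not named in the ACL
]


def parse_acl_line(line):
    """Return (action, src_net, dst_net) for a subnet-to-subnet 'ip' entry."""
    tok = line.split()
    if (len(tok) != 9 or tok[0] != "access-list" or tok[2] != "extended"
            or tok[3] not in ("permit", "deny") or tok[4] != "ip"):
        raise ValueError("unsupported ACL form: " + line)
    # ASA ACLs use subnet masks, which ip_network accepts after the slash.
    src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")
    dst = ipaddress.ip_network(f"{tok[7]}/{tok[8]}")
    return tok[3], src, dst


def classify(acl_lines, src_ip, dst_ip):
    """First matching entry decides; unmatched flows are not encrypted."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, src_net, dst_net = parse_acl_line(line)
        if src in src_net and dst in dst_net:
            return "tunnel" if action == "permit" else "not-encrypted"
    return "not-encrypted"


def report(acl_lines, flows):
    """Map each 'src -> dst' flow to its verdict."""
    return {f"{s} -> {d}": classify(acl_lines, s, d) for s, d in flows}


if __name__ == "__main__":
    for flow, verdict in report(CRYPTO_ACL, SAMPLE_FLOWS).items():
        print(f"{flow}: {verdict}")
```

Running the same check against the ACL actually configured on each ASA, before the crypto map is applied, confirms that user internet traffic stays out of the tunnel.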
10-12-2012 10:17 AM
Ahhhh ok. I understand now. The only traffic that will go through that tunnel is the traffic whose destination is the second ASA from the first ASA. OK. So I will get the tunnel setup and report back. Thanks.
10-12-2012 10:29 AM
Location A has an ASA 5510. That shouldn't make a difference, right?
10-12-2012 11:07 AM
Correct,
Julio